@auth.requires_membership('power')
def index():
    return dict()


@auth.requires_membership('power')
def add():
    if 'tag' in request.args:
        form = SQLFORM(db.tags)
    if 'image' in request.args:
        form = SQLFORM(db.images)
    else:
        form = SQLFORM(db.templates, fields=['title', 'category', 'tag', 'swf', 'image', 'description', 'code'])

    if form != None:
        if form.accepts(request.vars, session):
            session.flash = 'Posted'
        elif form.errors:
            session.flash = 'Error'
    
    links = [A('add tag', _href=URL(r=request, args='tag')),
             A('add image', _href=URL(r=request, args='image'))]
        
    return dict(form = form, links = links)


@auth.requires_membership('power')
def edit():
    return dict()


def user():
    """
    exposes:
    http://..../[app]/default/user/login 
    http://..../[app]/default/user/logout
    http://..../[app]/default/user/register
    http://..../[app]/default/user/profile
    http://..../[app]/default/user/retrieve_password
    http://..../[app]/default/user/change_password
    use @auth.requires_login()
        @auth.requires_membership('group name')
        @auth.requires_permission('read','table name',record_id)
    to decorate functions that need access control
    """
    return dict(form=auth())

